TL;DR: ITSM practices can improve service quality, efficiency, and self-service, but Zluri’s analysis also shows they only work when approval flows, access requests, and provisioning are tightly governed. The deeper issue is that service management becomes an identity control problem as soon as tickets drive access decisions.
NHIMG editorial — based on content published by Zluri: Best Practices 5 ITSM Best Practices for Organizations
By the numbers:
- Only 13% of organisations feel extremely prepared for the reality of agentic AI despite the majority racing toward autonomous adoption.
Questions worth separating out
Q: How should security teams govern self-service access in ITSM workflows?
A: Treat self-service as a governed access path, not a convenience layer.
Q: Why do ITSM tools often create identity governance gaps?
A: They are usually designed to move tickets, not to enforce ownership, expiry, or recertification.
Q: What breaks when service requests are not tied to access approvals?
A: The workflow loses its control point and becomes a fast route to privilege sprawl.
Practitioner guidance
- Map service requests to identity decisions Classify every common request as a provisioning, change, or deprovisioning event, then assign an owner and approval rule to each path.
- Build policy checks into self-service workflows Require role validation, app ownership, and exception logging before a request can create access or assign a license.
- Add identity outcomes to ITSM KPI dashboards Track approval latency, orphaned access, exception frequency, and removal completion alongside incident and availability metrics.
What's in the full article
Zluri's full article covers the operational detail this post intentionally leaves for the source:
- Step-by-step examples of how the ITSM practices are applied in day-to-day service operations
- The product-oriented explanation of Zluri's Employee App Store and SaaS approval workflow flow
- The vendor's guidance on app visibility, license assignment, and request handling for new joiners
- The practical onboarding and adoption angles that support IT operations teams
👉 Read Zluri's ITSM best practices article for service management and access workflow detail →
ITSM best practices and service access: where IAM teams should look?
Explore further
ITSM is an identity governance surface, not just an operations discipline. The article treats service management as a way to improve speed, quality, and customer satisfaction, but the underlying control plane is access. Every request, approval, and fulfilment step changes who or what can do what inside the environment. That means ITSM maturity should be judged partly by how well it preserves ownership, auditability, and lifecycle control across services. Practitioners should stop treating service desk design and identity design as separate conversations.
A few things that frame the scale:
- Only 13% of organisations feel extremely prepared for the reality of agentic AI despite the majority racing toward autonomous adoption, according to The 2026 Infrastructure Identity Survey.
- Organisations that describe themselves as confident in their AI deployment actually experience a 72% security incident rate, compared to 33% for those who remain cautious, according to The 2026 Infrastructure Identity Survey.
A question worth separating out:
Q: How do organisations measure whether ITSM is improving identity governance?
A: Use access-focused metrics alongside service metrics. Track approval latency, exception rates, orphaned access, and deprovisioning completion, then compare those numbers with ticket throughput and uptime. If the process is fast but leaves stale access behind, it is optimising service delivery at the expense of governance.
👉 Read our full editorial: ITSM best practices expose the identity governance gap in service access